On Wednesday 05 November 2003 01:23 am, David E. Fox wrote:
> hey - help!
>
> it's seemingly apparent that in the last week or two there seems to
> be an increasing number of mails of a dubious nature being sent to
> a large number of bogus addresses by yours truly :(.
Do you have any bounces or copies of the messages with full headers intact?
If so, I can help you to decipher exactly what systems those messages have
gone through and possibly, their origination, be it a proxy or open system.
> I'm not a spammer but it seems that my mailing system (postfix) is
> misconfigured -- but I was under the impression that postfix was
> relay-proof. I have seen evidence though of some chinese sites
> "masquerading" as m206-157.dsl.tsoft.com, probably forging headers
> somewhere along the line. It further seems that mail is injected here
> and then attempts are made to send the sh*t off to other places.
Well, by default, Postfix will only originate mail for localhost. That means
that an account on the actual mail server would need to be used to originate
mail if it were going to be sent out. Is it possible that you inadvertently
made some changes by adding a trusted IP range that caused your system to
become open to relay? Or, is it possible that a user account has been
compromised that some person is using to inject mail? Lastly, do you have
any windows machines sharing the same connection and is it possible that they
were compromised and are originating the mail with their own SMTP engine?
> I have not gotten any complaints but as of now 22:30pm pst 11/4 there is
> approximately 2.3 megabytes' worth of mail trying to get out.
>
> 1) I want to simply remove these messages. How do I do this? I have not yet
> come across a queue removal program - like lprm - for mail. Can (or should)
> I just delete all the files underneath
> /var/spool/postfix/{defer,etc,deferred, etc} - i.e, keep the directory
> structure intact but do something like
>
> find /var/spool/postfix -type f | xargs rm
>
> Is that dangerous?
If you have Webmin installed on your system, you should be able to use the
control panel to look at the mail queue individually and cull out messages
that you want to delete from those that are valid. If you have a large
number in the queue, it could be that postfix has actually caught those
before they went out and prevented them from being sent. You might be able
to flush those, automatically bouncing them back to the sender.
> Secondly, using a fairly stock configuration for postfix, is there something
> I've missed? I can attach my configuration if needed. I have
> basically kept the same one intact since I initially reinstalled 9.0
> and upgraded to various levels of cooker over the past few months.
Attaching the config might be helpful. If you have made changes from the
default, there is no way to know how it is now configured without seeing it.
--
Bryan Phinney
Software Test Engineer
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
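As an added example, not from either poster, the queue cull discussed above done with Postfix's own tools instead of rm on the spool directory: it parses `postqueue -p` (mailq) output, selects messages by envelope sender, hands the queue IDs to `postsuper -d -`, and warns if `mynetworks` would let anyone relay. The queue listing, addresses and queue IDs are constructed sample data.

```shell
# Added example, not from the original thread; run as root on the mail host.
# Constructed sample of `postqueue -p` output used for offline testing.
SAMPLE_QUEUE='-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
A1B2C3D4E5*    2345 Wed Nov  5 01:20:00  bogus@forged.example.invalid
                                         victim1@example.invalid
                                         victim2@example.invalid

F6A7B8C9D0     1234 Wed Nov  5 01:21:00  dfox@localhost
(connect to mx.example.invalid[192.0.2.10]:25: Connection refused)
                                         friend@example.invalid

-- 3 Kbytes in 2 Requests.'

# Read `postqueue -p` output on stdin; print the queue ID of every message
# whose envelope sender matches the awk regex in $1, one ID per line.
queue_ids_matching() {
    awk -v pat="$1" '
        # Queue-ID lines: ID (optionally suffixed * = active, ! = on hold),
        # size, arrival time, then the envelope sender as the last field.
        $1 ~ /^[A-Za-z0-9]+[*!]?$/ && NF >= 5 && $NF ~ /@/ {
            id = $1; sub(/[*!]$/, "", id)
            if ($NF ~ pat) print id
        }'
}

# Return 0 if the mynetworks value in $1 lets any host on the Internet relay.
mynetworks_is_open() {
    for net in $(printf '%s' "$1" | tr ',' ' '); do
        case "$net" in
            0.0.0.0/0|\[::\]/0|\[::/0\]) return 0 ;;
        esac
    done
    return 1
}

# Usage: sh cull-queue.sh '<sender-regex>'   (set DRY_RUN=0 to really delete)
if [ $# -gt 0 ]; then
    if mynetworks_is_open "$(postconf -h mynetworks)"; then
        echo 'WARNING: mynetworks allows relaying from anywhere' >&2
    fi
    ids=$(postqueue -p | queue_ids_matching "$1")
    [ -n "$ids" ] || { echo 'no matching messages in queue'; exit 0; }
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf 'would delete queue ID %s\n' $ids
    else
        printf '%s\n' $ids | postsuper -d -   # "-" reads queue IDs from stdin
    fi
fi
```

Inspect the queue with `postqueue -p` first and run with the default dry run; `postsuper -d ALL` empties the whole queue, legitimate mail included.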